Defense & Operations
Vulnerability Scanning
Also known as: Vuln scanning, Automated vulnerability scan
Definition
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
Examples
- An authenticated weekly scan of Linux servers that detects missing kernel patches.
- A container image scan in the CI pipeline blocking builds with critical CVEs.
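Added example, not part of the original glossary entry: a small Python CI gate of the kind the container-image scan above would feed. It maps each finding's CVSS v3 base score to the standard qualitative bands (None, Low, Medium, High, Critical), blocks the build when any finding reaches the configured band, and honours time-limited accepted-risk exceptions so that an expired exception starts failing the build again. The report field names and the CVE ids are constructed placeholders, not any real scanner's output.

```python
"""Constructed CI gate: fail a build on critical container-image findings."""
from datetime import date

# CVSS v3 qualitative rating bands, lowest to highest.
RATINGS = ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed scanner output with placeholder CVE ids; the field names are an
# assumption for this example, not any particular scanner's report schema.
SAMPLE_REPORT = {
    "image": "registry.example/app:1.4.2",
    "findings": [
        {"id": "CVE-0000-00001", "package": "libexample", "installed": "1.0.0",
         "fixed_in": "1.0.1", "cvss": 9.8},
        {"id": "CVE-0000-00002", "package": "examplelib", "installed": "2.3.0",
         "fixed_in": None, "cvss": 9.1},
        {"id": "CVE-0000-00003", "package": "otherlib", "installed": "0.9.0",
         "fixed_in": "0.9.2", "cvss": 7.5},
        {"id": "CVE-0000-00004", "package": "minorlib", "installed": "4.0.0",
         "fixed_in": "4.0.1", "cvss": 3.1},
    ],
}

def cvss_rating(score):
    """Map a CVSS v3 base score to its qualitative rating band."""
    for limit, name in ((0.0, "NONE"), (3.9, "LOW"), (6.9, "MEDIUM"), (8.9, "HIGH")):
        if score <= limit:
            return name
    return "CRITICAL"

def evaluate_gate(report, fail_on="CRITICAL", exceptions=None, today=None):
    """Return (blocked, reasons); `exceptions` maps CVE id -> ISO expiry date."""
    today = date.fromisoformat(today) if today else date.today()
    exceptions = exceptions or {}
    threshold = RATINGS.index(fail_on)
    reasons = []
    for f in report["findings"]:
        rating = cvss_rating(f["cvss"])
        if RATINGS.index(rating) < threshold:
            continue  # below the gate's severity threshold
        expiry = exceptions.get(f["id"])
        if expiry and date.fromisoformat(expiry) >= today:
            continue  # accepted-risk exception still in force
        fix = f["fixed_in"] or "no fix available"
        reasons.append(f"{f['id']} {rating} ({f['cvss']}) in "
                       f"{f['package']} {f['installed']}, fix: {fix}")
    return bool(reasons), reasons

if __name__ == "__main__":
    blocked, reasons = evaluate_gate(SAMPLE_REPORT)
    print("BLOCKED" if blocked else "PASSED", SAMPLE_REPORT["image"], *reasons, sep="\n")
```

Findings with no available fix are still reported, so the gate surfaces them for a compensating control or a dated exception rather than silently passing them.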
Related terms
Vulnerability Assessment
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
CVE (Common Vulnerabilities and Exposures)
A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so that it can be referenced unambiguously across the industry.
CVSS (Common Vulnerability Scoring System)
An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
Attack Surface Management (ASM)
Continuous discovery, inventory, classification, and monitoring of all assets that expose an organization to potential cyberattack.
Penetration Testing
An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.